Breaking Microsoft's Digital Rights Management

The Digital Millennium Copyright Act (DMCA) and the Attack on the
First Amendment

As a United States citizen, the right that I am the most proud of is
our almost unrestricted right to publish. The United States is strong
in every way because of our free press. The free press is at the root
of innovation in the United States. The free press is the reason that
the United States leads the world in technology and ideas.

A free press serves as a brake on government and corporate corruption.
Although many would like to hide their actions in the dark, the courts
have upheld the right to publish information that embarrasses the
powerful. Without a free and open press the people of the United
States would not have known that the government and military lied to
them during the Viet Nam War. We would never have known about the
secret "contra" war in Nicaragua, where people working with Ollie
North ran arms in and drugs out.

I am writing this Web page about six weeks after the United States
suffered the worst terrorist attack in our history. In this dark time
the citizens of the United States should reflect on our history and
our values. The people who founded our country and wrote our
Constitution risked their lives for the freedoms that are guaranteed
there. But they also knew that a Constitution was only paper. The
only guarantee of freedom is in the people themselves. A people who
are cowardly and craven will allow their freedoms to be stripped from
them by the powerful.

Our freedoms have been viciously attacked by the Digital Millennium
Copyright Act (DMCA). Congress passed this odious law that attacks
our First Amendment rights while the lobbyists for the recording,
movie and software industry shoveled money into their pockets. The
people who voted for this law cared little for our precious freedoms
and less for the oath they took to uphold the Constitution.

The DMCA is a direct attack on the right of United States citizens to
publish. The DMCA makes it illegal to distribute software, in either
object or source form that can defeat copyright protections. A
Russian citizen, Dmitri Sklyarov was arrested while attending a
computer science conference in the United States. Sklyarov's crime,
under the DMCA, was to develop software that defeated the copy
protection included in Adobe
e-books. Unfortunately software source code, published on the
Internet, does not have the clear First Amendment protections that
that speech does. However, even speech has been attacked as Professor
Edward Felton found out when he tried to publish his paper on the
Secure Digital Music Initiative's music watermark.

Historically the United States has given its citizens wide latitude in
publishing. Even material which is objectionable to many people may be
published. This includes violent pornography, drug and bomb making
instructions and fascist screeds. The right to publish has been
limited only when there is a compelling reason and the courts have, so
far, narrowly defined "compelling. For example, the design of nuclear
weapons cannot be published. Nor can the names of covert agents
working for US Intelligence. In general classified information cannot
be published, but in the case of The Pentagon Papers,
publication of classified information was allowed. The US Government
has a long history of classifying material to cover-up embarrassing
information. The courts have sometimes recognized that embarrassment
is not the same as national security and allowed the publication of
classified material.

Compelling reasons to limit free speech and publication should not
include protecting the profits of large multi-national media
corporations. Yet this is exactly what the DMCA does: it limits
publication to protect corporate profit. Not only can software that
attacks copyright protections not be published, but the DMCA also
threatens the right to publish articles that describe the computer
science principles behind this software.

Trade Secrets and the Suppression of Free Speech

The media industry and those who provide protection schemes are
attempting to use trade secret law to suppress free speech.

Free speech is never absolute. For example, if I sign an agreement
with a company that pays me for my services, frequently I agree not to
disclose the trade secrets that I learn about as part of my work.
This limits my free speech, but I have agreed to this limitation in
advance.

The software industry and Microsoft in particular frequently include a
license agreement as part of their software installation. These
agreements are long and written in impossible to read legalese. Most
users ignore them. Similar agreements are included in software
packaging. The theory is that by breaking the seal the user agrees to
the conditions in the license.

An increasingly popular condition in these impenetrable licenses is an
agreement not to "reverse engineer" the software, protection schemes
or anything else the provider does not want you to know. Users who do
so violate what the vendor claims is a trade secret agreement. This
is the legal argument taken by the Motion Picture Association of
America (MPAA) in the suit against anyone associated with the DeCSS
software that allows DVD copying.

This is an obscene approach for the MPAA and media vendors to take.
These licenses are difficult to understand, even for a well educated
college graduate. The licenses are intentionally made to be difficult
to understand so users will agree to them without reading the
agreement. Requiring a complex license to use a media player or to
view a movie on a DVD is simply ridiculous. Claiming a trade secret
agreement when no trade secrets are disclosed, as they are between an
employee and an employer, is even more outrageous. These agreements
have never been challenged in court so it is unclear whether they are
enforcible.

Even if one were to accept the outrageous concept that the use of a
mass media technology creates a trade secret agreement between the
vendor and the user, the liability should at most extend to the person
who disclosed the information. The MPAA has attempted to extend the
publishing prohibition and liability to anyone who republishes the
material (for example, the hacker publication 2600 republishing
the DeCSS source code). The publishers of 2600 have not necessarily
come into contact with the vendor's products (nor have I ever
used Microsoft's media player that supports DRM). So there can be no
trade secret agreement between the vendor and any secondary
publisher.

Cryptographic techniques do not depend on secrecy. In fact, companies
like RSA Security publish their
algorithms (for example their RC5
algorithm) so that people outside of RSA can attempt attacks. The
fact that the media industry is depending on secrecy to protect their
"intellectual property" is a statement of how poor their engineering
is.

Microsoft Digital Rights Management

Recently The
Register reported that an anonymous author using the name
"Beale Screamer" had cracked the Microsoft Digital Rights Management
(DRM) protection scheme for music and other media. The author of this
software did not want to follow Dmitry Sklyarov to jail and has
remained anonymous. The existence of the DMCA means that no web site
in the United States can publish the software that breaks Microsoft's
DRM protection without fear of being prosecuted. However, The Register is in England
where the DMCA does not apply. At the time of this writing, The
Register article has a link to the software that will allow you to
down-load it. Software that implements mathematical algorithms tends
to be small compared to, say, compilers (this simply reflects that
fact that the effort goes into developing the mathematics, rather than
the software). Another way to look at this is that with the DMCA in
place, it does not take that much source code to get you into lots of
trouble. As of the October 18, 2001 release of the software:

source lines

file name

118

MultiSwap.c

238

ecc.c

545

main.c

724

msdrm.c

21

MultiSwap.h

36

ecc.h

47

msdrm.h

1729

total lines

I don't have any interest in using this software. I removed it after I
ran the the UNIX utility wc on the source files to generate
the data for the table above.

One thing that is worth noting is that this is a relatively small
piece of software. It should be possible to entirely describe its
functionality in English, such that the English can be directly
translated by a programmer into C code. Although the courts don't
extend First Amendment protection to software source, the First
Amendment should cover the English expression of the software source.
A program that translated C to a restricted set of english and the
restricted set of english back to C could also be envisioned. If the
First Amendment did not cover the English result of such a
translation, then in theory the First Amendment would not cover
mathematics publications either. For example, pure Lisp embodies
lambda calculus and could be viewed as an executable form of
mathematics. This is true of a language like C as well, although we
lose some mathematical properties.

The anonymous author of this software seems to be a professional
computer scientist. A great deal of work went into a very
sophisticated attack on Microsoft's DRM. Along with the software are
well written articles on copyright issues and Microsoft's DRM
scheme. These articles are mirrored here, as I down-loaded them from
The Register. I have only added HTML formatting. The
technical description of the Microsoft DRM is obviously not the work
of a "teen hacker", but of a mature computer scientist. The technical
discussion includes some important issues about how Microsoft could
use this technology to support their monopoly power.

As a United States citizen and resident I cannot publish the software
source that went along with these writings without fear of civil and
criminal liability. Although the courts have not yet recognized
software source as a form of speech, the written word (and these Web
pages) are still supposed to be protected by the First Amendment.

Disclaimers

I'd like to point out that the anonymous author's words are his, not
mine, although I agree with what "Beale Screamer" writes. Don't send
me e-mail asking for the source code. I don't have this source code
and would not distribute it. Although the DMCA is a horrible and
offensive law, like "Beale Screamer", I have no desire to run afoul of it.

"Beale Screamer"'s articles and related files:

In closing it is probably worth noting that an increasing number of
computer scientists are taking time from their other work to provide
the technical means for people to recover the fair use rights that
the DMCA has stolen from them. The power of the DMCA to inspire such
bitter feelings in a highly educated and talented group is simply
another indication of the fact that it is bad law.

Annotated References

Attempts to control the flow of copyrighted information, either
through legal means, like the DMCA, or through technological means,
via "containers" like the MSDRM, are motivated in part by file sharing
networks. These networks and related issues are discussed on the web
page A Modest Proposal.

This is a link to a review of K.W. Jeter's science fiction book
Noir. In one of the sub-themes in this book, Jeter follows the
RIAA/DMCA argument into the realm of the absurd, where those who
violate copyright are consigned to a horrible living death. What is
wierd is that for Jeter this does not seem to be satire. Jeter seems
to be extremely bitter about copyright infringement.

The
article in The Register on the Microsoft DRM attack.
The link on the Register's site to the "Beale Screamer" software has
been removed. I did not see any comment on why The Register removed
this link. See the next list item.

Get the source code at cryptome.org

The guys at 2600 got into hot water for publishing a link to the DeCSS
software. Being a mild mannered Bear (here at bearcave.com) I don't
want to follow down this path. However, I'm also a naive Bear and,
even though that Islamic (ah, I mean Christian) fundamentalist fanatic
John Ashcroft is currently the US Attorney General (and Shrub is his
boss), I'd like to think that the the First Amendment still holds. So
it should be protected speech to mention that the .zip file containing
the "Beale Screamer" software can be found on cryptome.org.

The New York Times on-line edition requires a registration, but there
is no fee.

This is the New York Times article on the Microsoft DRM attack.
Microsoft states that they are considering a civil suit. I wonder who
they think they are going to sue? Microsoft seems to be getting
dumber and dumber when it comes to customer and government relations.
Perhaps they really will try to sue "Beale Screamer".

If Microsoft continues the current obnoxious behavior (e.g., Passport,
required operating system registration) there may be a backlash in the
computer science and engineer community. I have been pretty much
Microsoft neutral in the past. I develop software on Windows NT as
well as UNIX. But as Microsoft becomes more intrusive, attempting to
capture every lose penny and collect "vig" on all transactions that
take place via the Microsoft operating system, I have come to dislike
them more and more.

InterTrust is currently suing Microsoft over the Microsoft DRM scheme
in the version 8 Media Player. They are apparently suing Microsoft
over .NET as well. I read a comment from a Microsoft flack stating
that InterTrust did not even understand what .NET was. This is
obviously true, since no one else knows either.

Several years ago I interviewed with InterTrust (way before they went
public). From what InterTrust described at the time and from "Beale
Screamers" description, it does sound like Microsoft may indeed have
infringed InterTrusts patents.

At one time I worked for a company named Quickturn. Years before
another company, Mentor Graphics, sold Quickturn a set of core
patents. Mentor later decided that they wanted to enter Quickturns
business. They designed and manufactured a product that infrindged on
the patents that they sold Quickturn. After years of litigation
Mentor was unable to lie, cheat or steal their way around these
patents (and trust me, Microsoft looks like a bunch of Alter Boys
compared to Mentor). So Mentor launched a hostile takeover of
Quickturn. Of course Mentor claimed that this had nothing to do with
escaping patent liability. Mentor almost succeeded in their hostile
take over (Quickturn was bought by Cadence Design Systems).

At the time I wrote this InterTrust has a previous day's close of
$1.26, down from almost $100 in March of 2000. Their current market
capitalization is about $120 million. Like Mentor, Microsoft might
simply try to buy InterTrust. If Microsoft offered, say, $250 million
for the company, it's hard to imagine that the stockholders would turn
the offer down.

This Web page discusses a globally unique identifier that is created
for each user when they install the Windows Media Player (WMP). As
this web site notes, this allows both hackers and "content" providers
to track usage. This apparently effects Microsoft Internet Explorer
version 6 and Windows XP. Microsoft does not seem to regard this kind
of breach of privacy as a problem (after all, they have .NET).

This is an excellent article on the media industries attempts to stop
their customers from copying material. This article also makes the
point that the media industry is at war with their customers.

Chris Gorog, chief executive of Roxio, the leading maker of CD
authoring software for PCs and Macs, predicts consumers will rebel
against the recording industry's attempts to curb CD burning. It's a
phenomenon bigger than recorded music itself -- with an estimated 5
billion blank discs to be shipped this year, compared to 3 billion
music CDs sold.

"Clearly, what the consumer wants to do -- and has done now for many
decades -- is buy recorded music and have the ability to make
copies," said Gorog. "It's been very clear that making compilation
tapes, sharing tapes with friends, turning on your friends to new bits
of music actually has propelled the growth of the industry. To view
the simple act of recording as the enemy is really missing the boat."

For example, the recording industry wants to make CDs unplayable on
computers without digital rights management so that CD tracks cannot
be "ripped" to a CD-ROM burner. It also means that I can't listen to
music on my Windows NT 4.0 system while I write software unless I
install a player that supports the recording company's DRM. I don't
like installing new software on my system, especially when the sole
purpose of this software is to take away the reasonable use of the CD
that I've purchased. Also, it appears that these players may only
work on Windows XP. Given Microsoft's disgusting behavior I'm not
planning on upgrading in the near future. In the end, I'll return the
CD. As far as I'm concerned, its defective, since it will not play on
my hardware.

The Greatful Dead were famous for allowing recording at their
concerts, as long as it took place in an area set aside for this
purpose. I remember seeing forests of microphones in the recording
area. "Bootleg" recording never hurt "The Dead's" record/CD sales.
At some point, musicians, the people who provide the content that the
recording industry is trying to restrict, will discover that
distributing their product through an industry that is at war with its
customer base is a bad idea. Musicians will either start recording
companies without these restrictive practices or distribute music
through more progressive channels. No industry in a capitalist system
cannot survive if they alienate their customer base and do not give their
customers what they want.

This ruling deals with the publication of DeCSS source code. DeCSS is
a program that can break copy protection on DVDs. The recording
indutry attempted to block publication of the source code (via so
called "prior restraint"). The appeals court held that such prior
restraint could only be applied in the most restricted cases. Some
quotes from the article:

The California appeals court's ruling Thursday goes the farthest to
date in explicitly defining software code as speech. Under that legal
reasoning, programmers could still be prosecuted for posting illegal
software but could not be prevented from doing so in the first place.

...

The movie industry's "statutory right to protect its economically
valuable trade secret is not an interest that is 'more fundamental'
than the First Amendment right to freedom of speech," the judges
wrote. Nor is it "on equal footing with the national security
interests and other vital governmental interests that have previously
been found insufficient to justify a prior restraint."

Unfortunately this ruling does not go far enough. The media industry
and the DMCA still threatens scientific discourse. The media industry
has claimed that the publication of DeCSS source code is the same as
the publication of trade secrets, which the author of the code was
privy to as part of the license to view the movie. I'm sure that
Microsoft would like to take a similar tack: by using their media
player you agree to protect their trade secrets. Finally there is the
argument that any attempt to subvert copy protection is a violation of
the DMCA.

This article discusses two appeals court losses, one in the case of
Prof. Felton suing the government to overturn the prior restraint
imposed by the DMCA and the other in the case of 2600 regarding
publication of the DeCSS source code. Sadly I believe that I may be
related to Lewis Kaplan, the Federal judge who decided the 2600 case.

This article is an analysis of the 2600 DeCSS ruling and of the Felton
ruling. It is interesting to note the that 9th Circuit Court of
Appeals has issued a ruling that is directly counter to to the ruling
of the 2nd Court of Appeals. Where there are conflicting rulings in
the Appeals courts the Supreme Court is supposed to issue a
definitive ruling. I find the idea that speech should be limited to
protect the profits of a multinational corporation deeply offensive
and I hope the the Supreme court will come up with a better ruling
than they did in Gore vs. Bush.

The full second court of appeals declined to Review Judge Lewis
A. Kaplan's decision. the only option is a Supreme Court review, and
this seems unlikely, since the Supreme Court refuses most review
requests.

Upholding the DMCA and refusing to recognize that fact that software
is a medium for free expression, just as a mathematics journal article
is, is misguided and ill informed. I'm embarassed to have the same
last name as Lewis A. Kaplan (even worse, we may be distantly
related).

The Free Dmitry Sklyarov! web page is every slow, since it is
probably having a hard time handling the traffic that it receives.
Although we are in the midst of the dark days of the Bush II
administration, which a Christian Fundamentalist fanatic as Attorney
General, I continue to hope that the US government will drop this stupid
case. When this happens, I assume that the above link will disappear.

Dmitry Sklyarov was arrested at the instigation of Adobe. Adobe,
realizing that they were facing a huge public relations problem in the
technial community decided to drop their complaint. The Boycott Abobe
site "declared victory and went home". However, Sklyarov still has a
criminal inditement hanging over his head. At least while this is the
case I think that you should think carefully about whether you want to
purchase software from a company that would use a despicable law like
DMCA to arrest a computer scientist visiting the United States.

1:38 p.m. Dec. 13, 2001 PST SAN JOSE, California -- Charges will
be dropped against a Russian computer programmer accused of violating
copyrights on software made by Adobe Systems in exchange for his
testimony in the trial of his company, a spokeswoman for the
programmer said Thursday.

Dmitry Sklyarov, 27, had been charged in the first criminal
prosecution under the 1998 Digital Millennium Copyright Act.

Sklyarov and his employer, ElcomSoft Co. Ltd. of Moscow, were charged
with releasing a program that let readers disable restrictions on
Adobe's electronic-book software. The program is legal in Russia.

Sklyarov was arrested after speaking at a hacking convention in Las
Vegas on July 16. He lives with his wife and two children in an
apartment in San Mateo and has been working on his doctorate in
computer science.

This is only slightly less offensive the the original prosecution of
Sklyarov. Sklyarov will be forced to testify against his employeer in
return for being allowed to go free. Yet his employer should never
have been charged either. I hope that the EFF will take up this
defence as well.

This sorry chapter in applying the odious DMCA came to a close with a
not guilty verdict for ElcomSoft. This verdict was hailed as a "huge
win" on slashdot.org. This is an overstatement. This case does not
allow computer science researchers to publish code that attacks copy
protection. The Electronic Frountiers Foundation and Lawrence Lessig
went to bat for both Sklyarov and ElcomSoft. Any individual who had
to defend such a case without such help would pay a very high price.
The threat of losing one's house or life savings to defend a criminal
case would induce many people to plead guilty to avoid trial. Only
the repeal or significant modification of this terrible law will be a
"huge win". The DMCA continues to threaten free expression.

Marc Canter's editorial posted on news.com is a good example of the
confusion that exists regarding "fair use". Despite what Mr. Canter
seems to believe, there is not "right" to fair use, as there is a
right to free speech or to arm bears. The fair use doctrine
has been inferred by the courts. The rulings seem to be
idiosyncratic. Authors and reviewers are allowed to quote small
sections of a written work under fair use. But J.D. Salinger
successfully asserted copyright to block any quotation from his
letters (the author of a letter holds copyright). The Sony Betamax
ruling, which has been widely quoted, did not actually give consumers
the "right" to copy movies and television programs. The Betamax
ruling simply stated that there were important non-infringing uses for
video tape recorders and as a result the media industry could not
block the sale of these devices. In part fair use doctrine has arisen
from issues of practicality. It would be impractical to block the
Xerographic reproduction of small sections of copyrighted works. On
the other hand, professors do not have the right to copy these works
and hand them out to 300 students.

Mr. Canter does make the point that I've made above. Regardless of
legal issues, it is stupid and impractical for an industry to attempt
to thwart the desires of their customers.

On slashdot.org, where I saw the pointer to this article, they
summarized Levy's point as:

He [Levy] points out that only the media giants could be so stupid as
to think treating their customers like criminals will increase sales.

All this is in response to Senator Fritz Hollings's proposed Security
Standards and Certification Act (SSCA). This would go one better than
the software schemes for "digital rights" protection, forcing hardware
manufacturers to embed features for copyright protection in their
products.

A typical replacement attack relies upon the observation that
multimedia content is often highly repetitive. Thus, the attack
procedure replaces each signal block with another, perceptually
similar block computed as a combination of other similar blocks found
either within the same media clip or within a library of media
clips. Assuming the blocks used to compute the replacement are marked
with distinct secrets, we show that if the computed replacement block
is at some minimal distance from the original marked block, large
portion of the embedded watermark is irreversibly removed.

This attack on digital watermarking seems to rely on self-similarity
in the data. The Holder exponent is a measure for self-similarity.
Would Holder exponent measures simplify this attack? Is this yet
another place where the multi-resolution features of wavelets could be
used?